Rich Megginson wrote:
On 02/24/2012 01:31 PM, Aaron Bennett wrote:
One other oddity about this is there are two boxes in play -- one's hostname is 'animal.clarku.edu' and the other is 'zoot.clarku.edu'; they are round-robin'd behind the hostname 'ds.clarku.edu'. However, the cert I have installed on each box is for ds.clarku.edu.
Not sure how this works with openldap - the usual way to handle this is to use subjectAltName so that the server's cert has animal.clarku.edu, zoot.clarku.edu and ds.clarku.edu.
That's already documented here: http://www.openldap.org/doc/admin24/tls.html
Obviously there is a standard for it and we implement that spec.
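To make the subjectAltName point concrete, here is an added example (not code from this thread, from OpenLDAP or from 389-ds) of the hostname check a TLS client performs against a server certificate's dNSName entries. The two SAN lists are constructed to mirror the thread: a cert that names only the round-robin alias, and one that also names the real hosts. The matching rules are the conservative subset of RFC 6125 that current TLS stacks apply; the openssl command in the comment assumes OpenSSL 1.1.1 or later for the -addext option.

```python
"""Hostname matching against a certificate's subjectAltName (dNSName) entries.

Added example for the thread above; not code from OpenLDAP or 389-ds.
The SAN lists below are constructed to stand in for the dNSName entries of
two candidate certificates for the ds.clarku.edu round-robin pair.
"""

# Constructed: a cert issued only for the alias, and one that also carries
# the two real hostnames as subjectAltName dNSName entries.
CERT_ALIAS_ONLY = ["ds.clarku.edu"]
CERT_WITH_SANS = ["ds.clarku.edu", "animal.clarku.edu", "zoot.clarku.edu"]

# Issuing a self-signed test cert with those SANs (OpenSSL 1.1.1+ syntax):
#   openssl req -x509 -newkey rsa:2048 -nodes -keyout ds.key -out ds.crt \
#     -subj "/CN=ds.clarku.edu" \
#     -addext "subjectAltName=DNS:ds.clarku.edu,DNS:animal.clarku.edu,DNS:zoot.clarku.edu"


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively and a trailing dot is not significant.
    return name.rstrip(".").lower()


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one dNSName entry (``pattern``) covers ``hostname``.

    Rules: exact case-insensitive match, or a wildcard that is the whole
    leftmost label of the pattern and stands for exactly one label of the
    host. ``*.clarku.edu`` matches ``animal.clarku.edu`` but neither
    ``clarku.edu`` nor ``a.b.clarku.edu``; partial wildcards such as
    ``an*.clarku.edu`` and bare ``*.edu`` are rejected.
    """
    pattern = _normalize(pattern)
    hostname = _normalize(hostname)
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must be the entire leftmost label, appear nowhere else,
    # and leave at least two literal labels to the right of it.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def hostname_matches(san_dns_names, hostname: str) -> bool:
    """True if any dNSName in the certificate covers ``hostname``.

    Only subjectAltName is consulted: when dNSName entries are present the
    subject CN is ignored, which is why a CN-only cert for the alias does
    not help a client that connected to one of the real hosts.
    """
    return any(dns_name_matches(p, hostname) for p in san_dns_names)


def uncovered_hosts(san_dns_names, hostnames):
    """Return the hostnames a client would refuse to accept this cert for."""
    return [h for h in hostnames if not hostname_matches(san_dns_names, h)]


if __name__ == "__main__":
    hosts = ["ds.clarku.edu", "animal.clarku.edu", "zoot.clarku.edu"]
    print("alias-only cert leaves uncovered:", uncovered_hosts(CERT_ALIAS_ONLY, hosts))
    print("SAN cert leaves uncovered:", uncovered_hosts(CERT_WITH_SANS, hosts))
```

Run it and the alias-only cert is rejected for both real hosts, while the SAN cert covers all three names; a wildcard entry `*.clarku.edu` would also cover the two hosts, but a single cert listing the exact names is the smaller exposure.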